authorMichael Krelin <hacker@klever.net>2008-01-31 22:07:53 (UTC)
committer Michael Krelin <hacker@klever.net>2008-01-31 22:07:53 (UTC)
commit67133db1f33b142561575cdf99fedca8fb6ad79b (patch) (unidiff)
tree4320aff864ce4848808c6643bf289b9bbfe70a60
parent66b14d4368d661daf2248e36ac4f9a3f69f6a75a (diff)
added util::change_mode_message_proxy class
generalized checkauth_message_proxy and added it to util namespace. To be later used for constructing setup url in 1.0 checkid_immediate reply. Signed-off-by: Michael Krelin <hacker@klever.net>
Diffstat (more/less context) (show whitespace changes)
-rw-r--r--include/opkele/util.h18
-rw-r--r--lib/basic_rp.cc21
2 files changed, 20 insertions, 19 deletions
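--- a/include/opkele/util.h
+++ b/include/opkele/util.h
@@ -123,29 +123,47 @@ namespace opkele {
 string encode_base64(const void *data,size_t length);
 /**
 * Decode binary data from base64 representation.
 * @param data base64-encoded data
 * @param rv container for decoded binary
 */
 void decode_base64(const string& data,vector<unsigned char>& rv);
 
 /**
 * Normalize http(s) URI according to RFC3986, section 6. URI is
 * expected to have scheme: in front of it.
 * @param uri URI
 * @return normalized URI
 * @throw not_implemented in case of non-httpi(s) URI
 * @throw bad_input in case of malformed URI
 */
 string rfc_3986_normalize_uri(const string& uri);
 
 string& strip_uri_fragment_part(string& uri);
 
 string abi_demangle(const char* mn);
 
 string base64_signature(const assoc_t& assoc,const basic_openid_message& om);
 
+class change_mode_message_proxy : public basic_openid_message {
+public:
+const basic_openid_message& x;
+const string& mode;
+
+change_mode_message_proxy(const basic_openid_message& xx,const string& m) : x(xx), mode(m) { }
+
+bool has_field(const string& n) const { return x.has_field(n); }
+const string& get_field(const string& n) const {
+return (n=="mode")?mode:x.get_field(n); }
+bool has_ns(const string& uri) const {return x.has_ns(uri); }
+string get_ns(const string& uri) const { return x.get_ns(uri); }
+fields_iterator fields_begin() const {
+return x.fields_begin(); }
+fields_iterator fields_end() const {
+return x.fields_end(); }
+};
+
 }
 
 }
 
 #endif /* __OPKELE_UTIL_H */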
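Review bot: `change_mode_message_proxy` keeps `mode` as `const string&` (new line 150), so a proxy that outlives the full expression it was built in, for example a named object constructed from a string literal or another temporary, reads a destroyed string in `get_field("mode")`. Storing a copy, `const string mode;`, removes that lifetime requirement for one small copy, and `get_field` can still return a reference to the member. If the reference is kept, the class needs a comment stating that both `x` and `mode` must outlive the proxy; the call added in lib/basic_rp.cc meets this through a function-local static. Separately, `has_field("mode")` and the field iterators still delegate to `x`, so for a wrapped message with no mode field the proxy would presumably return a value from `get_field("mode")` while reporting the field absent; this is worth confirming against how `direct_request` enumerates fields.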
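--- a/lib/basic_rp.cc
+++ b/lib/basic_rp.cc
@@ -257,58 +257,41 @@ namespace opkele {
 ((rq==string::npos)?rurl:rurl.substr(0,rq))
 )
 throw id_res_bad_return_to(OPKELE_CP_ "return_to url doesn't match request url");
 map<string,string> tp; parse_query(turl,tq,tp);
 map<string,string> rp; parse_query(rurl,rq,rp);
 for(map<string,string>::const_iterator rpi=rp.begin();rpi!=rp.end();++rpi) {
 map<string,string>::const_iterator tpi = tp.find(rpi->first);
 if(tpi==tp.end())
 throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to is missing from the request");
 if(tpi->second!=rpi->second)
 throw id_res_bad_return_to(OPKELE_CP_ string("Parameter '")+rpi->first+"' from return_to doesn't matche the request");
 }
 
 if(om.has_field("claimed_id")) {
 verify_OP(
 om.get_field("op_endpoint"),
 om.get_field("claimed_id"),
 om.get_field("identity") );
 }
 
 }
 if(ext) ext->id_res_hook(om,signeds);
 }
 
-class check_auth_message_proxy : public basic_openid_message {
-public:
-const basic_openid_message& x;
-
-check_auth_message_proxy(const basic_openid_message& xx) : x(xx) { }
-
-bool has_field(const string& n) const { return x.has_field(n); }
-const string& get_field(const string& n) const {
-static const string checkauthmode="check_authentication";
-return (n=="mode")?checkauthmode:x.get_field(n); }
-bool has_ns(const string& uri) const {return x.has_ns(uri); }
-string get_ns(const string& uri) const { return x.get_ns(uri); }
-fields_iterator fields_begin() const {
-return x.fields_begin(); }
-fields_iterator fields_end() const {
-return x.fields_end(); }
-};
-
 void basic_RP::check_authentication(const string& OP,
 const basic_openid_message& om){
 openid_message_t res;
-direct_request(res,check_auth_message_proxy(om),OP);
+static const string checkauthmode = "check_authentication";
+direct_request(res,util::change_mode_message_proxy(om,checkauthmode),OP);
 if(res.has_field("is_valid")) {
 if(res.get_field("is_valid")=="true") {
 if(res.has_field("invalidate_handle"))
 invalidate_assoc(OP,res.get_field("invalidate_handle"));
 return;
 }
 }
 throw failed_check_authentication(
 OPKELE_CP_ "failed to verify response");
 }
 
 }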